A state-sponsored Chinese hacking group infiltrated the U.S. Treasury Department, gaining access to employee workstations and unclassified documents, the Biden administration revealed on Monday. This breach adds to growing concerns about China’s ability to penetrate critical U.S. systems.
Details of the Treasury Breach
The Treasury Department was alerted to the incident on December 8 by BeyondTrust, a third-party software service provider. According to a letter sent to lawmakers, the hacker used a stolen security key to remotely access Treasury workstations and their stored documents.
“Indicators point to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter stated. Treasury policy classifies such incidents as major cybersecurity breaches.
The department, in collaboration with the FBI, intelligence agencies, and other investigators, determined the compromised service had been taken offline, and there is no evidence that the hackers still have access to Treasury data.
Broader Chinese Cyber Activities Raise Alarm
The Treasury hack follows recent revelations that a Chinese hacking group, nicknamed “Salt Typhoon,” penetrated U.S. telecommunications systems. Salt Typhoon, believed to be linked to China’s Ministry of State Security, gained access to conversations and text messages involving prominent figures like Donald Trump and Senator JD Vance.
The group also obtained a nearly complete list of phone numbers wiretapped by the Justice Department, potentially revealing which Chinese spies the U.S. is monitoring.
U.S. Response to Escalating Cyber Threats
In response to the telecommunications breach, the Commerce Department announced a ban on the remaining U.S. operations of China Telecom, one of China’s largest communications firms.
The Treasury Department stated it takes cybersecurity threats seriously and is working with private sector partners and government agencies to safeguard the financial system. Additional details about the Treasury breach will be provided in a forthcoming report to Congress.
China Denies Involvement
Chinese officials have consistently denied any government involvement in hacking. Despite ongoing tensions, U.S. and Chinese officials have held discussions on cybersecurity collaboration, including a recent round of economic and financial meetings in China.
The series of high-profile breaches underscores the vulnerabilities in U.S. systems and the growing sophistication of state-sponsored hacking campaigns, with critical implications for national security and U.S.-China relations.
